commit 1c69c5fcb898481cb0c6132e6b392fa0eddaf103
author Shawn Willden <swillden@google.com> Thu Jun 01 07:44:27 2017 -0600
committer Shawn Willden <swillden@google.com> Thu Jun 01 07:44:27 2017 -0600
tree 570ac8418cd9cf36bb8d42a5bf253d6cbefd256b
parent fcc61188827e1472965b36041c29b80cbe4079ba

Check return from DeleteKey correctly.

DeleteKey may legitimately return ErrorCode::UNIMPLEMENTED rather than
ErrorCode::OK, but the VTS test didn't allow that in all cases.  In many
case the return code was also left unchecked.

Test: adb shell/data/nativetest64/VtsHalKeymasterV3_0TargetTest/VtsHalKeymasterV3_0TargetTest
Bug: 62193967
Change-Id: I19a90a87850675b0700baf7409e57098e0584d54

keymaster/3.0/vts/functional/keymaster_hidl_hal_test.cpp

diff --git a/keymaster/3.0/vts/functional/keymaster_hidl_hal_test.cpp b/keymaster/3.0/vts/functional/keymaster_hidl_hal_test.cpp
index fcd4dec..784f9b8 100644
--- a/keymaster/3.0/vts/functional/keymaster_hidl_hal_test.cpp
+++ b/keymaster/3.0/vts/functional/keymaster_hidl_hal_test.cpp
@@ -374,7 +374,7 @@
   public:
     void TearDown() override {
         if (key_blob_.size()) {
-            EXPECT_EQ(ErrorCode::OK, DeleteKey());
+            CheckedDeleteKey();
         }
         AbortIfNeeded();
     }
@@ -505,6 +505,13 @@
         return error;
     }
 
+    void CheckedDeleteKey(HidlBuf* key_blob, bool keep_key_blob = false) {
+        auto rc = DeleteKey(key_blob, keep_key_blob);
+        EXPECT_TRUE(rc == ErrorCode::OK || rc == ErrorCode::UNIMPLEMENTED);
+    }
+
+    void CheckedDeleteKey() { CheckedDeleteKey(&key_blob_); }
+
     ErrorCode GetCharacteristics(const HidlBuf& key_blob, const HidlBuf& client_id,
                                  const HidlBuf& app_data, KeyCharacteristics* key_characteristics) {
         ErrorCode error;
@@ -718,7 +725,7 @@
                             KeyFormat::RAW, key));
         string signature = MacMessage(message, digest, expected_mac.size() * 8);
         EXPECT_EQ(expected_mac, signature) << "Test vector didn't match for digest " << (int)digest;
-        DeleteKey();
+        CheckedDeleteKey();
     }
 
     void CheckAesCtrTestVector(const string& key, const string& nonce, const string& message,
@@ -1067,7 +1074,7 @@
         EXPECT_TRUE(crypto_params.Contains(TAG_KEY_SIZE, key_size));
         EXPECT_TRUE(crypto_params.Contains(TAG_RSA_PUBLIC_EXPONENT, 3));
 
-        EXPECT_EQ(ErrorCode::OK, DeleteKey(&key_blob));
+        CheckedDeleteKey(&key_blob);
     }
 }
 
@@ -1112,7 +1119,7 @@
         EXPECT_TRUE(crypto_params.Contains(TAG_ALGORITHM, Algorithm::EC));
         EXPECT_TRUE(crypto_params.Contains(TAG_KEY_SIZE, key_size));
 
-        EXPECT_EQ(ErrorCode::OK, DeleteKey(&key_blob));
+        CheckedDeleteKey(&key_blob);
     }
 }
 
@@ -1161,7 +1168,7 @@
         EXPECT_EQ(ErrorCode::OK,
                   GenerateKey(AuthorizationSetBuilder().EcdsaSigningKey(size).Digest(Digest::NONE)))
             << "Failed to generate size: " << size;
-        DeleteKey();
+        CheckedDeleteKey();
     }
 }
 
@@ -1177,7 +1184,7 @@
             ErrorCode::OK,
             GenerateKey(AuthorizationSetBuilder().EcdsaSigningKey(curve).Digest(Digest::SHA_2_512)))
             << "Failed to generate key on curve: " << curve;
-        DeleteKey();
+        CheckedDeleteKey();
     }
 }
 
@@ -1227,7 +1234,7 @@
             EXPECT_TRUE(softwareEnforced.Contains(TAG_KEY_SIZE, key_size));
         }
 
-        EXPECT_EQ(ErrorCode::OK, DeleteKey(&key_blob));
+        CheckedDeleteKey(&key_blob);
     }
 }
 
@@ -1255,7 +1262,7 @@
                                                      .HmacKey(key_size)
                                                      .Digest(Digest::SHA_2_256)
                                                      .Authorization(TAG_MIN_MAC_LENGTH, 256)));
-            DeleteKey();
+            CheckedDeleteKey();
         }
     }
 }
@@ -1287,7 +1294,7 @@
                                       .HmacKey(128)
                                       .Digest(Digest::SHA_2_256)
                                       .Authorization(TAG_MIN_MAC_LENGTH, min_mac_length)));
-            DeleteKey();
+            CheckedDeleteKey();
         }
     }
 }
@@ -1677,7 +1684,7 @@
             string message(1024, 'a');
             if (digest == Digest::NONE) message.resize(key_size / 8);
             SignMessage(message, AuthorizationSetBuilder().Digest(digest));
-            DeleteKey();
+            CheckedDeleteKey();
         }
     }
 }
@@ -1698,7 +1705,7 @@
 
         string message(1024, 'a');
         SignMessage(message, AuthorizationSetBuilder().Digest(Digest::SHA_2_256));
-        DeleteKey();
+        CheckedDeleteKey();
     }
 }
 
@@ -1759,7 +1766,7 @@
         string signature = MacMessage(message, digest, 160);
         EXPECT_EQ(160U / 8U, signature.size())
             << "Failed to sign with HMAC key with digest " << digest;
-        DeleteKey();
+        CheckedDeleteKey();
     }
 }
 
@@ -2146,7 +2153,8 @@
                 << curve << ' ' << digest;
         }
 
-        ASSERT_EQ(ErrorCode::OK, DeleteKey());
+        auto rc = DeleteKey();
+        ASSERT_TRUE(rc == ErrorCode::OK || rc == ErrorCode::UNIMPLEMENTED);
     }
 }
 
@@ -2192,8 +2200,8 @@
     VerifyMessage(verification_key, message, signature,
                   AuthorizationSetBuilder().Digest(Digest::SHA1));
 
-    EXPECT_EQ(ErrorCode::OK, DeleteKey(&signing_key));
-    EXPECT_EQ(ErrorCode::OK, DeleteKey(&verification_key));
+    CheckedDeleteKey(&signing_key);
+    CheckedDeleteKey(&verification_key);
 }
 
 typedef KeymasterHidlTest ExportKeyTest;
@@ -3441,14 +3449,14 @@
     string key = make_string(key_bytes);
     ASSERT_EQ(ErrorCode::OK, ImportKey(import_params, KeyFormat::RAW, key));
     string plaintext = DecryptMessage(ciphertext, params);
-    EXPECT_EQ(ErrorCode::OK, DeleteKey());
+    CheckedDeleteKey();
 
     // Corrupt key and attempt to decrypt
     key[0] = 0;
     ASSERT_EQ(ErrorCode::OK, ImportKey(import_params, KeyFormat::RAW, key));
     EXPECT_EQ(ErrorCode::OK, Begin(KeyPurpose::DECRYPT, params));
     EXPECT_EQ(ErrorCode::VERIFICATION_FAILED, Finish(ciphertext, &plaintext));
-    EXPECT_EQ(ErrorCode::OK, DeleteKey());
+    CheckedDeleteKey();
 }
 
 /*